Security Test Prompts Federal Fraud Alert 36
itwbennett writes "Johannes Ullrich, chief research officer at the SANS Institute, took great interest in a National Credit Union Administration (NCUA) warning issued earlier this week, thinking, 'Finally this is in the wild, because I've only seen it in pen tests before.' Unfortunately for Mr. Ullrich, the letter and 2 CDs that caused the kerfuffle were part of a sanctioned security test of a bank's computer systems conducted by Ohio-based security company MicroSolved. 'It was a part of some social engineering we were doing in a fully sanctioned penetration test,' said MicroSolved CEO Brent Huston. For his part, NCUA spokesman John McKechnie did not have much to say about his organization's alert, except that 'at this point, it appears that this is an isolated event.'"
Re:Um, their first clue that these consultants suc (Score:4, Informative)
Re:Um, their first clue that these consultants suc (Score:5, Informative)
it seemed like for a time "Micro" was really hot as a precursor to a company name.
The '80s was the height of the microcomputer revolution. For anyone who didn't live through it, a microcomputer is a computer which uses a microprocessor (a CPU on a single chip). This differentiates them from minicomputers and mainframes which, at the time, which typically had different parts of the CPU in several different chips. It wasn't until the mid '90s that even mainframes were using microprocessors; the first two generations of IBM's POWER series, for example, were multi-chip configurations.
The companies that rode the microcomputer wave were often not the companies that did well in the shrinking minicomputer and mainframe markets (and the minicomputer companies were often not established mainframe names either). They used micro- to differentiate themselves from the dinosaurs who were still clinging to the one-computer-per-company model. The implication was low-cost and flexible.
Re:They detect the breach but fail (Score:1, Informative)
This was not a sanctioned event. Maybe it was sanctioned by the CU but not by the NCUA. So how was the NCUA supposed to know this was an isolated event? Hence the FIRST alert they sent. But the linked article fails to mention the SECOND alert the NCUA sent. http://www.ncua.gov/news/press_releases/2009/MR09-0828d.htm Basically they are chastising the Credit Union who started the mess.